
Nuclear Plant Security and Cyber Terrorism

ControlGlobal.com

How To Improve Nuclear Power Plant Security

By Béla Lipták, PE, Columnist

In recent months, I wrote about the critical role that process control will play in converting our energy economy from an exhaustible to an inexhaustible one. In this series of articles, I will write about the role our profession will play during the transition, when the planet seems to be drifting towards energy wars. The weapons of these wars of terror will not be limited to biological weapons and “dirty” nuclear bombs, but will also include software viruses and worms that wage cyber warfare by attacking our infrastructure and industry, including our nuclear power plants.

My goal with this series of articles is not to spread fear, but to describe the power of process control to protect us. To illustrate my point, I selected the nuclear power industry to show how this can be done. I made that selection because I want to deal with specific cases, and nuclear power plants are convenient for illustrating the weak links that exist in this area (Figure 1).

Figure 1. Nuclear Power Cycle

Later I will describe the causes of such accidents as Three Mile Island and Chernobyl. By the way, not many people realize that some 11 Chernobyl-type nuclear power plant blocks are still in operation in Russia (at Kursk, Smolensk, Leningrad, etc.) and that one is also operating until 2009 outside Russia (the Ignalina II block in Lithuania). I will also discuss the causes of over 100 nuclear accidents of the past, plus the design and control configurations, including interlocks, that are used today, and will describe the strategies by which process control can protect these plants from both common accidents and cyber attacks.

While past cyber attacks have also hit other industrial targets, here I will concentrate on nuclear power plants, on their existing means of protection and on the changes needed to close the existing security loopholes. I will discuss the safety needs of all three processing operations: enrichment, power generation and waste disposal.

The Slammer Worm Attack on the Davis-Besse Power Plant

The grounds of the Davis-Besse nuclear power plant in Oak Harbor, Ohio, are patrolled by armed guards and surrounded by a double row of tall fences that are monitored electronically. Tall fences and other security devices reduce the probability of somebody driving a truck full of explosives into the plant. (For more on external plant security, see "Access Control"). However, fences do not protect against computer crashes, and armed guards do not protect against viruses and software worms.

On January 25, 2003, a Slammer worm penetrated the private computer network of Ohio's Davis-Besse nuclear power plant. The worm first penetrated the unsecured network of a contractor and from there squirmed its way into the Davis-Besse corporate business network. Because that network was connected to the plant’s network in a way that bypassed the plant’s firewall, the worm then spread to the plant network.

The sequence of events was as follows. At 4:00 PM the operators noticed the plant network slowing down, and at 4:50 PM the Safety Parameter Display System (SPDS) crashed. The SPDS monitors the operation of the coolant system, core temperature, radiation levels and other critical conditions. At 5:13 PM the Plant Process Computer (PPC) also crashed. Therefore, although the plant’s network was protected by a firewall, both the plant’s SPDS and PPC were disabled for about five hours. Fortunately, the plant was not in operation at the time, because a hole in the reactor head was being repaired. Another reason why no harm was done is that the analog backups of the SPDS and the PPC could not be attacked by the worm.

We must remember that all our nuclear power plants are old and that decades ago the controls of all nuclear power plants were completely analog. There were no data highways, and therefore the data transfer between the plants and corporate offices was secure from cyber attacks. Today, digital systems monitor the critical operating conditions (valve openings, pump status, temperatures, pressures, levels, radiation, loading, etc.) of most nuclear plants, while the plants themselves are still controlled by analog controls.

Through a number of accidents, we have learned that if an intruder worm tampers with the digital monitoring system (as in the case of Davis-Besse's SPDS and PPC), and if the operators are allowed to overrule the automatic safety interlocks, virus or worm attacks are possible. We have also learned that the design and practices of the operator of the Davis-Besse plant (FirstEnergy) were apparently NOT in violation of NRC’s cyber security regulations.


We also know that for financial reasons and because of management convenience, the whole nuclear industry is drifting towards installing completely digital controls to allow the remote operation of some plant functions. This trend could have disastrous consequences not only in newly built nuclear power plants, but also in refineries, chemical plants and throughout industry.

While the discussion above concentrated on the Davis-Besse accident, I should note that this one Slammer attack has much wider implications. After this nationwide attack, the National Security Telecommunications Advisory Committee concluded that the American electric grid as a whole is controlled by a “Byzantine network riddled by security holes, including unsecured SCADA systems and by unprotected connections between plant and company business networks.”
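The Davis-Besse entry path and the "unprotected connections between plant and company business networks" cited above are both cases of a route into the plant network that no firewall inspects. The following is an added example, not part of the original article: a reachability audit over a link inventory that reports every such route. The topology, zone names and firewall names are constructed for illustration and do not describe the real plant.

```python
from collections import deque

# Constructed link inventory (illustrative only). Each entry is
# (zone_a, zone_b, enforcement): the firewall filtering that link, or None.
LINKS = [
    ("internet", "contractor", None),
    ("internet", "corporate", "fw-edge"),
    ("contractor", "corporate", None),   # unfiltered vendor connection
    ("corporate", "plant", "fw-plant"),  # the documented, filtered path
    ("corporate", "plant", None),        # extra link that bypasses fw-plant
    ("plant", "spds", None),
    ("plant", "ppc", None),
]

def unfiltered_paths(links, sources, protected):
    """Map (source, protected_zone) to the shortest firewall-free route.

    Only links with no enforcement point are traversed, so every path
    returned is a route that no firewall ever inspects.
    """
    adj = {}
    for a, b, fw in links:
        if fw is None:
            adj.setdefault(a, set()).add(b)
            adj.setdefault(b, set()).add(a)
    findings = {}
    for src in sources:
        parent = {src: None}
        queue = deque([src])
        while queue:  # breadth-first search over unfiltered links
            node = queue.popleft()
            for nxt in sorted(adj.get(node, ())):
                if nxt not in parent:
                    parent[nxt] = node
                    queue.append(nxt)
        for target in protected:
            if target != src and target in parent:
                path, n = [], target
                while n is not None:  # walk back to the source
                    path.append(n)
                    n = parent[n]
                findings[(src, target)] = path[::-1]
    return findings

if __name__ == "__main__":
    for (src, dst), path in unfiltered_paths(
            LINKS, ["internet", "contractor"], ["plant", "spds", "ppc"]).items():
        print(f"UNFILTERED {src} -> {dst}: {' -> '.join(path)}")
```

Removing the one bypass link from the inventory makes the audit return no findings, even though the filtered corporate-to-plant path remains in place.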
